ZeroFOX has warned a huge number of financial scams that are targeting Instagram account holders.

The security firm said that it had found 4,574 unique Instagram scam posts in over two million posts it had analysed. It described it as an “Instagram scam epidemic.”

Furthermore it warned that for every one scam taken down, three more are created. And these scam posts are persistence, as 80 percent of the scam posts have lifespans of over 45 days. The problem is so severe that it is impacting “virtually all major financial institutions and banks, with losses to the tune of hundreds of millions of dollars in annually.”

Money-flip Scam

The research team at ZeroFOX apparently spent four months identifying “thousands of scams targeting major financial institutions and their customers across Instagram.”

It used a machine learning classifier and analysed Instagram scam posts in relation to 37 of the biggest financial institutions in the United States. The researchers also utilised a honey-pot Instagram account to engage with the scammers, in order to better understand their methods.

Essentially, if an Instagram user following any bank or financial institution, there is a high chance they could be targeted by these so called “money-flipping scams”.

The way these money flipping scams work is to try and extort victims into sending money or disclosing banking information. In return the scammers promises to “flip” their money and return a huge profit. For example, a scammer typically asks for your online bank account to conduct the flip and deposit the money into your account (of course it never arrives.)

The scammers apparently use Instagram to advertise their services with pictures of money, luxury goods and drugs, and seem to target the poor and members of the military in particular.

In-Built Weaknesses?

ZeroFOX said that there are 1,386 unique scammer accounts using Instagram to actively create money flipping posts.

“The research showed that every top US financial firm had Instagram scam attacks, whether or not the institution had owned corporate accounts on social media,” said ZeroFOX. “Most were targeted seemingly unknowingly. The research also found that this is but one of many financial scams on social media today and that many organisations remain unprotected.”

And the researchers told the BBC, that Instagram (which of course is owned by Facebook) has a particular problem with scammers because of an inbuilt feature.

“It’s really easy to private message someone on Instagram,” John Seymour, a data scientist at ZeroFox told the BBC. “Someone can initiate a direct message without having followed the original person.”

Instagram responded to the report, which it had not seen prior to its publication, by reportedly saying that the scams are “pretty low volume” on the network.

But it added that it would look at the report’s claims and recommendations.

Prior Scares

This is not the first security scare associated with Instagram. Earlier this month Symantec warned that hacked Instagram profiles are being altered with pornographic imagery promoting adult dating and porn spam.

Instagram had already been under pressure to ramp up its security following a number of high-profile incidents in 2015, including one where the account of pop star Taylor Swift was hijacked by Lizard Squad hackers.

In February the photo-sharing service added two-factor authentication (2FA) to its service, which meant users could choose to have two forms of identification verified before accessing their account.